Subject: Re: Can You Prevent Some Users From Telneting to their Accounts?
From: Dan Burcaw (firstname.lastname@example.org)
Date: Sun Oct 17 1999 - 19:26:14 MDT

You can do this two ways.

1) You can set a user's shell to /bin/false so when they try to telnet in
it runs /bin/false, which of course does nothing and boots them out.

2) You can edit /etc/pam.d/login so that it looks like this:

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_shells.so
# Only users listed in /etc/loginusers pass; any error denies (onerr=fail)
auth required /lib/security/pam_listfile.so \
     onerr=fail item=user sense=allow file=/etc/loginusers
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so

Basically, this makes it so PAM checks /etc/loginusers each time someone
tries to log in and if their username is not in that file, does not allow

One caveat... if you put in a user's log followed by a space or multiple
spaces, PAM sometimes thinks the user's login includes a space and so it
doesn't let them in.

You could change the sense=allow in the long line above to sense=deny
so it acts more ftpusers-like.

Hope this helps,
Terra Soft Solutions, Inc.
Yellow Dog Linux
"The Ultimate Companion for a Dedicated Server"
This archive was generated by hypermail 2a24 : Tue Nov 02 1999 - 16:20:58 MST
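
Added example, not part of the original message or of PAM itself: a shell check for the stray-space caveat described in the message above. It assumes pam_listfile compares each line of the file to the user name as an exact string; the function names and the sample entries (alice, bob, carol, dave, mallory) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original message): audit a pam_listfile
# user list such as /etc/loginusers for the stray-space caveat.
# Assumption: each line is compared to the user name as an exact string.

# Print "LINENO:[entry]" for every line with leading/trailing whitespace.
lint_listfile() {
    awk '/^[ \t]+|[ \t\r]+$/ { printf "%d:[%s]\n", NR, $0 }' "$1"
}

# Usage: listfile_decision USER FILE allow|deny  -> prints permit or refuse
listfile_decision() {
    # onerr=fail: an unreadable list refuses everyone.
    [ -r "$2" ] || { echo refuse; return 0; }
    # -F fixed string, -x whole line: "bob " does not match "bob".
    if grep -Fxq -- "$1" "$2"; then listed=yes; else listed=no; fi
    case "$3:$listed" in
        allow:yes|deny:no) echo permit ;;
        *)                 echo refuse ;;
    esac
}

# Constructed sample list: "bob" has a trailing space, "carol" a leading one.
sample=$(mktemp)
printf 'alice\nbob \n  carol\ndave\n' > "$sample"

echo "entries with stray whitespace:"
lint_listfile "$sample"

for u in alice bob carol dave mallory; do
    echo "$u: sense=allow -> $(listfile_decision "$u" "$sample" allow)," \
         "sense=deny -> $(listfile_decision "$u" "$sample" deny)"
done
rm -f "$sample"
```

Under the same assumption, sense=deny turns the stray space into the opposite failure: the entry no longer matches, so the user it was meant to block is permitted.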